diff --git a/Dockerfile b/Dockerfile index 18df38c52d47c5b8a4d91d982be941958cc69944..b60698be311a87f8cb7220ec6a369f8aae3ff254 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,17 +1,16 @@ -ARG BASE_REGISTRY=registry1.dsop.io +ARG BASE_REGISTRY=registry1.dso.mil/ironbank ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_TAG=8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - -ARG VERSION=0.0.6 +ARG VERSION=21.13 #COPY LICENSE /licenses/innosabi RUN \ dnf -y update && \ - dnf -y module install php:7.3/minimal && \ - dnf -y install php-fpm php-json php-mbstring php-xml php-gd php-intl php-ldap php-opcache php-mysqlnd php-dba + dnf -y module install php:7.4/minimal && \ + dnf -y install php-fpm php-json php-mbstring php-xml php-gd php-intl php-ldap php-opcache php-mysqlnd php-dba php-bcmath openssl ### Memcached Packages @@ -29,9 +28,9 @@ COPY fastlz.rpm fastlz.rpm # Add Remi GPG key COPY RPM-GPG-KEY-remi2020 RPM-GPG-KEY-remi2019 RPM-GPG-KEY-remi2018 fedora.gpg /tmp/ RUN rpm --import /tmp/RPM-GPG-KEY-remi2020 && \ - rpm --import /tmp/RPM-GPG-KEY-remi2019 && \ - rpm --import /tmp/RPM-GPG-KEY-remi2018 && \ - rpm --import /tmp/fedora.gpg + rpm --import /tmp/RPM-GPG-KEY-remi2019 && \ + rpm --import /tmp/RPM-GPG-KEY-remi2018 && \ + rpm --import /tmp/fedora.gpg # Remi COPY php-pecl-msgpack.rpm php-pecl-msgpack.rpm @@ -46,7 +45,7 @@ COPY gdk-pixbuf2.rpm gdk-pixbuf2.rpm COPY ilmbase.rpm ilmbase.rpm COPY pixman.rpm pixman.rpm COPY cairo.rpm cairo.rpm -#COPY graphviz.rpm graphviz.rpm +COPY graphviz.rpm graphviz.rpm COPY fftw-libs-double.rpm fftw-libs-double.rpm COPY LibRaw.rpm LibRaw.rpm COPY librsvg2.rpm librsvg2.rpm 
@@ -59,15 +58,10 @@ COPY xorg-x11-fonts.rpm xorg-x11-fonts.rpm COPY libraqm.rpm libraqm.rpm # Remi -#COPY php-pecl-imagick.rpm php-pecl-imagick.rpm +COPY php-pecl-imagick.rpm php-pecl-imagick.rpm COPY liblqr.rpm liblqr.rpm -#COPY ImageMagick-libs.rpm ImageMagick-libs.rpm -#COPY ImageMagick.rpm ImageMagick.rpm - -#Copy application and dependencies -COPY appserver.tar.gz.aes.tar.gz /tmp/appserver.tar.gz.aes.tar.gz -RUN cd /tmp && tar -zxvf appserver.tar.gz.aes.tar.gz && rm appserver.tar.gz.aes.tar.gz - +COPY ImageMagick-libs.rpm ImageMagick-libs.rpm +COPY ImageMagick.rpm ImageMagick.rpm # Install and clean RUN \ 
@@ -75,32 +69,33 @@ RUN \ rm -f *.rpm && \ dnf -y clean all +COPY config/php.ini /etc/php.ini +COPY config/php-fpm.conf /etc/php-fpm.conf +COPY config/www.ubi.conf /usr/local/etc/php-fpm.d/www.conf +COPY config/magic /usr/local/etc/magic +COPY scripts/php-fpm-healthcheck /usr/local/bin/ -WORKDIR /opt/ignite -RUN mkdir /storage +# Create all main directories to set access rights +RUN mkdir /run/php-fpm +RUN mkdir -p /storage +RUN mkdir -p /opt/ignite/core -RUN mv /tmp/composer.lock /opt/ignite -RUN mv /tmp/composer.json /opt/ignite -RUN mv /tmp/appserver.tar.gz.aes /opt/ignite +WORKDIR /opt/ignite -#COPY version version +#Copy application and dependencies +COPY appserver.tar.gz.aes.tar.gz /tmp/appserver.tar.gz.aes.tar.gz +RUN cd /tmp && tar -zxvf appserver.tar.gz.aes.tar.gz && rm appserver.tar.gz.aes.tar.gz +RUN mv /tmp/appserver.tar.gz.aes /opt/ignite -# Keep this in sync with .gitlab-ci CI change detection -#COPY ["application", "/opt/ignite/core/application"] -#COPY ["library", "/opt/ignite/core/library"] -#COPY ["bin/cron.php", "bin/crowd.php", "/opt/ignite/core/bin/"] -#COPY ["public/index.php", "/opt/ignite/core/public/"] -#COPY ["bootstrap.php", "composer.json", "composer.lock", "/opt/ignite/core/"] +RUN mv /tmp/composer.lock /opt/ignite +RUN mv /tmp/composer.json /opt/ignite -#COPY docker/appserver/php.ini /etc/php.ini -#COPY docker/appserver/php-fpm.conf /etc/php-fpm.conf -#COPY docker/appserver/www.ubi.conf /usr/local/etc/php-fpm.d/www.conf -#COPY docker/appserver/magic /usr/local/etc/magic +COPY scripts/decrypt.sh /usr/sbin/decrypt.sh -RUN mkdir /run/php-fpm RUN chown -R apache:apache /run/php-fpm -RUN sed -i 's/listen = \/run\/php-fpm\/www.sock/listen = 9000/g' /etc/php-fpm.d/www.conf -ENTRYPOINT [ "/usr/sbin/php-fpm" ] +RUN chown -R apache:apache /opt/ignite + +ENTRYPOINT [ "/usr/sbin/decrypt.sh", "/usr/sbin/php-fpm" ] EXPOSE 9000 
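Review bot: `RUN chown -R apache:apache /opt/ignite` near the end of this hunk makes the whole application tree writable by `apache`, which config/www.ubi.conf in this same commit sets as the php-fpm pool user, so a file-write flaw in the application could overwrite the code it executes. No `USER` instruction appears in the hunk, so the entrypoint that unpacks into /opt/ignite presumably runs as root and would not need that ownership. If so, drop the /opt/ignite chown and grant `apache` write access only to directories that must be writable at run time (`/run/php-fpm`, presumably `/storage`). The hunk also copies scripts/php-fpm-healthcheck, which exits with status 4 unless `cgi-fcgi` is on the PATH; no visible line installs it, and the package install step lies outside this hunk, so this needs confirming.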
diff --git a/LICENSE b/LICENSE index c35164a7ef46748317b30eb3d6151cbd4e94265e..7e6a4163a37b906b6b817c1738c8a9f46319718b 100644 --- a/LICENSE +++ b/LICENSE @@ -1,9 +1,8 @@ LICENSE: COMMERCIAL -(c) 2001-2020 innosabi, 2020 Collaboration.ai +(c) 2020-2021 Collaboration.Ai -You need to acquire a license from innosabi to use this product. This product includes open source software. +You need to acquire a license from Collaboration.Ai to use this product. This product includes open source software. The source code of the open source parts and its licenses is included or can be requested. -innosabi GmbH, Möhlstraße 2, 81675 München -Collaboration.ai, 661 Auburn Avenue NE, Suite 5, Atlanta, GA 30312-1940 +Collaboration.Ai, 1120 S. 2nd St. Unit 811, Minneapolis, MN 55415 diff --git a/README.md b/README.md index c35164a7ef46748317b30eb3d6151cbd4e94265e..eb727ab761747f84ccaf8cc4fb7f97bbbe9aedc4 100644 --- a/README.md +++ b/README.md @@ -1,9 +1 @@ -LICENSE: COMMERCIAL - -(c) 2001-2020 innosabi, 2020 Collaboration.ai - -You need to acquire a license from innosabi to use this product. This product includes open source software. -The source code of the open source parts and its licenses is included or can be requested. - -innosabi GmbH, Möhlstraße 2, 81675 München -Collaboration.ai, 661 Auburn Avenue NE, Suite 5, Atlanta, GA 30312-1940 +Application server for CrowdVector. This container provides backend functionality for CrowdVector application. It is based on php-cli and php-fpm diff --git a/config/magic b/config/magic new file mode 100644 index 0000000000000000000000000000000000000000..46a7e4a958566639f8e2e3b3af131ff0988730ab --- /dev/null +++ b/config/magic 
@@ -0,0 +1,10 @@ +# Magic local data for file(1) command. +# Insert here your local magic data. Format is described in magic(5). + +# Recognize CSS files +0 search/2048/c =font-size: Cascading Style Sheet text +!:mime text/css +0 search/2048/c =color: Cascading Style Sheet text +!:mime text/css +0 search/2048/c =width: Cascading Style Sheet text +!:mime text/css diff --git a/config/php-fpm.conf b/config/php-fpm.conf new file mode 100644 index 0000000000000000000000000000000000000000..b131cfbc8f76aad238397631c1a3dc8bfd0963f5 --- /dev/null +++ b/config/php-fpm.conf @@ -0,0 +1,6 @@ +[global] + +;pid = /run/php-fpm/php-fpm.pid +error_log = /proc/self/fd/2 +daemonize = no +include=/usr/local/etc/php-fpm.d/*.conf diff --git a/config/php.dev.ini b/config/php.dev.ini new file mode 100644 index 0000000000000000000000000000000000000000..a5d181acdafd8d0b7ca1a03f82be6b0f8a5be026 --- /dev/null +++ b/config/php.dev.ini 
@@ -0,0 +1,38 @@ +[PHP] + +; For documentation visit +; https://www.php.net/manual/en/ini.list.php + +short_open_tag = Off +output_buffering = 4096 +disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority +expose_php = Off + +max_input_time = 60 +memory_limit = 256M + +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT +display_errors = Off +log_errors = On +report_memleaks = On + +variables_order = "GPCS" +request_order = "GP" +register_argc_argv = Off +post_max_size = 50M +upload_max_filesize = 50M + +enable_dl = Off + +[CLI Server] + +cli_server.color = On + +[opcache] + +opcache.enable=1 +opcache.memory_consumption=512 +opcache.interned_strings_buffer=32 +opcache.max_accelerated_files=100000 +opcache.validate_timestamps=3 +opcache.blacklist_filename=/storage/instances diff --git a/config/php.ini b/config/php.ini new file mode 100644 index 0000000000000000000000000000000000000000..090a06c03df9536929a0bbbbc6506d3c71770fbf --- /dev/null +++ b/config/php.ini 
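Review bot: `opcache.validate_timestamps=3` in the [opcache] section looks like a mix-up of two directives: `validate_timestamps` is an on/off switch, and the re-check interval in seconds is `opcache.revalidate_freq`. As written the value is most likely read as "on", with the interval left at its default. If a three-second interval was intended, use `opcache.validate_timestamps=1` together with `opcache.revalidate_freq=3`. `opcache.blacklist_filename=/storage/instances` would also benefit from a comment naming the file expected at that path, since the directive takes a text file of path patterns and the name reads like a directory.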
@@ -0,0 +1,38 @@ +[PHP] + +; For documentation visit +; https://www.php.net/manual/en/ini.list.php + +short_open_tag = Off +output_buffering = 4096 +disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority +expose_php = Off + +max_input_time = 60 +memory_limit = 256M + +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT +display_errors = Off +log_errors = On +report_memleaks = On + +variables_order = "GPCS" +request_order = "GP" +register_argc_argv = Off +post_max_size = 50M +upload_max_filesize = 50M + +enable_dl = Off + +[CLI Server] + +cli_server.color = On + +[opcache] + +opcache.enable=1 +opcache.memory_consumption=512 +opcache.interned_strings_buffer=32 +opcache.max_accelerated_files=100000 +opcache.validate_timestamps=0 +opcache.blacklist_filename=/storage/instances diff --git a/config/www.conf b/config/www.conf new file mode 100644 index 0000000000000000000000000000000000000000..82a97faed9857bc0f8327c7e36126cb93298e4d3 --- /dev/null +++ b/config/www.conf @@ -0,0 +1,18 @@ +[www] + +listen = 0.0.0.0:9000 + +; Allow 32 parallel requests per container +pm = static +pm.max_children = 32 +pm.status_path = /status + +ping.path = /monitoring/ping +ping.response = pong + +; Log slow requests to the docker container logs +; slowlog = /proc/self/fd/2 +; request_slowlog_timeout = 1s + +; This is required for env injection and multi-tenancy +clear_env = no diff --git a/config/www.ubi.conf b/config/www.ubi.conf new file mode 100644 index 0000000000000000000000000000000000000000..a40d976b6d87b742dd4f507cc6e3f7fe42e9a3cc --- /dev/null +++ b/config/www.ubi.conf 
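Review bot: `disable_functions` in this file (and the identical line in config/php.dev.ini) blocks only the pcntl_* family, so `exec`, `shell_exec`, `system`, `passthru`, `popen` and `proc_open` stay callable from any script the pool runs. The image installs the graphviz and ImageMagick binaries, so the application may shell out to some of them; name the functions it really needs in a comment and disable the rest. The file also sets no `open_basedir` and no `session.*` cookie options, so those stay at PHP defaults unless the application sets them itself.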
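Review bot: `clear_env = no` at the end of this pool file (and of config/www.ubi.conf, the one the Dockerfile installs) hands the container's whole environment to every PHP worker. scripts/decrypt.sh in this commit reads the archive passphrase from `LICENSE_KEY`, so that value becomes readable through `getenv()` and appears in `phpinfo()` output for any code running in a request. Prefer `clear_env = yes` with explicit `env[NAME] = $NAME` entries for the variables the application needs. If the application itself does not use the key, the entrypoint can also `unset LICENSE_KEY` before it starts php-fpm.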
@@ -0,0 +1,22 @@ +[www] + +user = apache +group = apache + +listen = 0.0.0.0:9000 + +; Allow 32 parallel requests per container +pm = static +pm.max_children = 32 +pm.status_path = /status + +ping.path = /monitoring/ping +ping.response = pong + +;access.log = log/$pool.access.log + +;slowlog = log/$pool.log.slow +;request_slowlog_timeout = 0 + +; This is required for env injection and multi-tenancy +clear_env = no diff --git a/config/xdebug.ini b/config/xdebug.ini new file mode 100644 index 0000000000000000000000000000000000000000..631ab307b5fc4e65c82b888cd7162a7e7edad787 --- /dev/null +++ b/config/xdebug.ini @@ -0,0 +1,25 @@ +; Load xDebug +zend_extension=xdebug.so + +; Enable colors on CLI +xdebug.cli_color=1 + +; The IDE key to filter connections. +xdebug.idekey=PHPSTORM + +; Remote connection settings +xdebug.start_with_request=yes +xdebug.discover_client_host=0 +xdebug.remote_handler=dbgp +xdebug.client_host=docker.for.mac.host.internal +xdebug.mode=debug +xdebug.client_port=9999 +xdebug.log=/tmp/xdebug.log + +; Profiler settings +xdebug.output_dir="/tmp/xdebug/profiling" + +; @todo +xdebug.var_display_max_children=-1 +xdebug.var_display_max_data=-1 +xdebug.var_display_max_depth=-1 diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index cd1900c3d49818bc480a9d3e67b291990a9453a2..e1a386641486d09133daabfaf630064b7c4a884b 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "collaborationai/crowd-vector/appserver" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "0.0.6" +- "21.13" - "latest" # Build args passed to Dockerfile ARGs 
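Review bot: `listen = 0.0.0.0:9000` accepts FastCGI connections on every interface and the pool sets no `listen.allowed_clients`; FastCGI has no authentication of its own, so any peer that can reach the port can submit requests directly and read `pm.status_path = /status`. config/www.conf carries the same lines. Where the web server's address is stable, add `listen.allowed_clients = <web-server address>`; otherwise add a comment stating that network policy restricts port 9000 to the web tier, so the assumption is visible to whoever deploys the image.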
@@ -27,7 +27,7 @@ labels: org.opencontainers.image.url: "https://collaboration.ai/products/crowdvector/" ## Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Collaboration.Ai" - org.opencontainers.image.version: "0.0.6" + org.opencontainers.image.version: "21.13" ## Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "CrowdVector" ## This value can be "opensource" or "commercial" 
@@ -37,162 +37,162 @@ labels: # List of resources to make available to the offline build context resources: -- filename: fedora.gpg - url: https://getfedora.org/static/fedora.gpg - validation: - type: sha256 - value: fa8c7bc737685389cb7faed7105b103f2afb3a2b8e329785d3fe3290e522d30e -- filename: RPM-GPG-KEY-remi2020 - url: https://rpms.remirepo.net/RPM-GPG-KEY-remi2020 - validation: - type: sha256 - value: 0483c1e7a7bf6bf6fe62882585d3bb9d903656ad020dd7045f2d496229c01959 -- filename: RPM-GPG-KEY-remi2019 - url: https://rpms.remirepo.net/RPM-GPG-KEY-remi2019 - validation: - type: sha256 - value: bba72d91ef180f18d3e7626a36ddd605d6f82ae31ce37802498b05d5444f52bb -- filename: RPM-GPG-KEY-remi2018 - url: https://rpms.remirepo.net/RPM-GPG-KEY-remi2018 - validation: - type: sha256 - value: 01992da5a631f40d0c733441f8623e0ceddcb98541b70ad528c51f04877875fb -- filename: RPM-GPG-KEY-CentOS-Official - url: https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official - validation: - type: sha256 - value: 146059788b214d7ba0dd70c1cf21111e594c6cfde201da8a9a88fe7101be8a78 -- filename: fastlz.rpm - url: https://download-ib01.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/f/fastlz-0.1.0-0.12.20070619svnrev12.el8.x86_64.rpm - validation: - type: sha256 - value: 9709ef361090892632cbdbb6002d96b4ab77e8b6dbed4568b215b153eda49e36 -- filename: gdk-pixbuf2.rpm - url: http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/gdk-pixbuf2-2.36.12-5.el8.x86_64.rpm - validation: - type: sha256 - value: 94cb8dceb47a5b01e3c0542ea3b48601d720325da28e6e6d89ae529e4fddcd97 -- filename: pixman.rpm - url: http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/pixman-0.38.4-1.el8.x86_64.rpm - validation: - type: sha256 - value: ddbbf3a8191dbc1a9fcb67ccf9cea0d34dbe9bbb74780e1359933cd03ee24451 -- filename: libXaw.rpm - url: http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/libXaw-1.0.13-10.el8.x86_64.rpm - validation: - type: sha256 - value: 
d82ca1d1d9aea848d05ac0ffe889f921a19f37883ae1cf6ba1ca0528e2ab46e4 -- filename: ilmbase.rpm - url: http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/ilmbase-2.2.0-11.el8.x86_64.rpm - validation: - type: sha256 - value: ed2e48ad367e08c5f6d0e79c405ff38967506895c0e39209d301d56529f6ddaa -- filename: php-pecl-imagick.rpm - url: https://rpms.remirepo.net/enterprise/8/php73/x86_64/php-pecl-imagick-3.4.4-10.el8.remi.7.3.x86_64.rpm - validation: - type: sha256 - value: 4c65f8fa3421e96664a8c226248b0495a26adeb2bdd004170665ad7ae50b0b0b -- filename: graphviz.rpm - url: http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/graphviz-2.40.1-40.el8.x86_64.rpm - validation: - type: sha256 - value: b70b6fdaf8fe66a2823d5d415b016acfb0d6f6b6a2a7154820db9ef76e908a90 -- filename: libwmf-lite.rpm - url: http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/libwmf-lite-0.2.9-8.el8_0.x86_64.rpm - validation: - type: sha256 - value: e539923a2a5b5f484264007524cf13bf9731c27454784ef2b05d516115cd7bf3 -- filename: fftw-libs-double.rpm - url: http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/fftw-libs-double-3.3.5-11.el8.x86_64.rpm - validation: - type: sha256 - value: ed2767829f8545739e9861254cc4c729a43f0e67b981af3102649b4732feaeff -- filename: ImageMagick.rpm - url: https://rpms.remirepo.net/enterprise/8/remi/x86_64/ImageMagick-6.9.11.45-1.el8.remi.x86_64.rpm - validation: - type: sha256 - value: 9c2d0174c5d4b80d7fa1876fb820d3d08a88aa43f276f1d73421729c679af865 -- filename: ImageMagick-libs.rpm - url: https://rpms.remirepo.net/enterprise/8/remi/x86_64/ImageMagick-libs-6.9.11.45-1.el8.remi.x86_64.rpm - validation: - type: sha256 - value: b5d7a88767f12ed7ef30a365760bde534716830e1e8b991548df44432d9b31d4 -- filename: cairo.rpm - url: http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/cairo-1.15.12-3.el8.x86_64.rpm - validation: - type: sha256 - value: 2fcd7a063cab2e103fd4fdf8f4c63d09b9f3d60759c3b0982c75ed9a9e57bdf8 -- filename: LibRaw.rpm - url: 
http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/Packages/LibRaw-0.19.5-2.el8.i686.rpm - validation: - type: sha256 - value: 6c1daf29b5fe10d281394196a40e0d914880eb3c31cf961f3ee99ab61d92a649 -- filename: librsvg2.rpm - url: http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/Packages/librsvg2-2.42.7-4.el8.x86_64.rpm - validation: - type: sha256 - value: 44f01d59b88bf019a11a25e9c38650d6f6d82abbdd2165783772d7d92c0c97af -- filename: libtool-ltdl.rpm - url: http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/libtool-ltdl-2.4.6-25.el8.x86_64.rpm - validation: - type: sha256 - value: 7dcd11f03fa0979841bf0afe0a2ac8f360502d0a2dee8322a39115595c2464ec -- filename: liblqr.rpm - url: https://rpms.remirepo.net/enterprise/8/remi/x86_64/liblqr-1-0.4.2-11.el8.remi.x86_64.rpm - validation: - type: sha256 - value: d79bd08cc0580fa3bd0f1c02c5a523403d8655411b4d7b49f7922963839156f4 -- filename: xorg-x11-fonts.rpm - url: http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/xorg-x11-fonts-ISO8859-1-100dpi-7.5-19.el8.noarch.rpm - validation: - type: sha256 - value: 723c0424ce3ec12586d390f2c6d01a2075e9f91543eb5b9a5a998636d49cb3b0 -- filename: php-pecl-igbinary.rpm - url: https://rpms.remirepo.net/enterprise/8/php73/x86_64/php-pecl-igbinary-3.1.6-1.el8.remi.7.3.x86_64.rpm - validation: - type: sha256 - value: 40451064b4c3075573081902d0cfb42a5ab8f12f53f91a764e95b12da8e8ca3a -- filename: php-pecl-msgpack.rpm - url: https://rpms.remirepo.net/enterprise/8/php73/x86_64/php-pecl-msgpack-2.1.1-1.el8.remi.7.3.x86_64.rpm - validation: - type: sha256 - value: f6a1f7a29bd99d10932ac7a7a7fd7f7cae83e4b1a1e076979a1ca1c8e063bb2a -- filename: libmemcached.rpm - url: http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/libmemcached-1.0.18-15.el8.x86_64.rpm - validation: - type: sha256 - value: a98237988be726539deb640103644929fcb0a3ffe5a4fcff1d488b866374b253 -- filename: libraqm.rpm - url: 
https://download-ib01.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/l/libraqm-0.7.0-4.el8.x86_64.rpm - validation: - type: sha256 - value: c71a88565f0951fac9e9de7ae5f2b5a48aceaf8da6f75d10ebbbb6717bde32fe -- filename: php-pecl-memcached.rpm - url: https://rpms.remirepo.net/enterprise/8/php73/x86_64/php-pecl-memcached-3.1.5-1.el8.remi.7.3.x86_64.rpm - validation: - type: sha256 - value: e35fc7c08150ef638810a1a2dce19c06545ed575b0737a4aa0ec19347584170a -- filename: libmemcached-libs.rpm - url: http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/libmemcached-libs-1.0.18-15.el8.x86_64.rpm - validation: - type: sha256 - value: 412be2f692dbd7b761ba2cf35f6bbdf5c6af7ad862689f49399e3a176744f870 -- filename: pango.rpm - url: http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/pango-1.42.4-6.el8.x86_64.rpm - validation: - type: sha256 - value: 8246d152767da7e6dd297599ed4c55b8bde2a5c18e54d97a80d44eb3099d6e89 -- filename: appserver.tar.gz.aes.tar.gz - url: https://gitlab.com/crowdvector/dist/-/raw/feature/distribution/appserver/appserver.tar.gz.aes.tar.gz - validation: - type: sha256 - value: 125282343b1c8ae7d2c5d1bfd10fb70b9f84a245b9837a245c74ae2c41f78ca5 + - url: "https://getfedora.org/static/fedora.gpg" + filename: "fedora.gpg" + validation: + type: "sha256" + value: "5bdfc8afe0997046080d3d25950cbf5255fe6f647635bfe7f9b9f35be97e7196" + - url: "https://rpms.remirepo.net/RPM-GPG-KEY-remi2020" + filename: "RPM-GPG-KEY-remi2020" + validation: + type: "sha256" + value: "0483c1e7a7bf6bf6fe62882585d3bb9d903656ad020dd7045f2d496229c01959" + - url: "https://rpms.remirepo.net/RPM-GPG-KEY-remi2019" + filename: "RPM-GPG-KEY-remi2019" + validation: + type: "sha256" + value: "bba72d91ef180f18d3e7626a36ddd605d6f82ae31ce37802498b05d5444f52bb" + - url: "https://rpms.remirepo.net/RPM-GPG-KEY-remi2018" + filename: "RPM-GPG-KEY-remi2018" + validation: + type: "sha256" + value: "01992da5a631f40d0c733441f8623e0ceddcb98541b70ad528c51f04877875fb" + - url: 
"https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official" + filename: "RPM-GPG-KEY-CentOS-Official" + validation: + type: "sha256" + value: "146059788b214d7ba0dd70c1cf21111e594c6cfde201da8a9a88fe7101be8a78" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/fastlz-0.1.0-0.12.20070619svnrev12.el8.x86_64.rpm" + filename: "fastlz.rpm" + validation: + type: "sha256" + value: "9709ef361090892632cbdbb6002d96b4ab77e8b6dbed4568b215b153eda49e36" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/gdk-pixbuf2-2.36.12-5.el8.x86_64.rpm" + filename: "gdk-pixbuf2.rpm" + validation: + type: "sha256" + value: "94cb8dceb47a5b01e3c0542ea3b48601d720325da28e6e6d89ae529e4fddcd97" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/pixman-0.38.4-1.el8.x86_64.rpm" + filename: "pixman.rpm" + validation: + type: "sha256" + value: "ddbbf3a8191dbc1a9fcb67ccf9cea0d34dbe9bbb74780e1359933cd03ee24451" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/libXaw-1.0.13-10.el8.x86_64.rpm" + filename: "libXaw.rpm" + validation: + type: "sha256" + value: "d82ca1d1d9aea848d05ac0ffe889f921a19f37883ae1cf6ba1ca0528e2ab46e4" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/ilmbase-2.2.0-11.el8.x86_64.rpm" + filename: "ilmbase.rpm" + validation: + type: "sha256" + value: "ed2e48ad367e08c5f6d0e79c405ff38967506895c0e39209d301d56529f6ddaa" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/php-pecl-imagick-3.4.4-10.el8.remi.7.4.x86_64.rpm" + filename: "php-pecl-imagick.rpm" + validation: + type: "sha256" + value: "ee970eb9253619761dd6cb5825037a103e8e6b33c6d8c5d77179abf707e2c66b" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/graphviz-2.40.1-40.el8.x86_64.rpm" + filename: "graphviz.rpm" + validation: + type: "sha256" + value: "b70b6fdaf8fe66a2823d5d415b016acfb0d6f6b6a2a7154820db9ef76e908a90" + - 
url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/libwmf-lite-0.2.9-8.el8_0.x86_64.rpm" + filename: "libwmf-lite.rpm" + validation: + type: "sha256" + value: "e539923a2a5b5f484264007524cf13bf9731c27454784ef2b05d516115cd7bf3" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/fftw-libs-double-3.3.5-11.el8.x86_64.rpm" + filename: "fftw-libs-double.rpm" + validation: + type: "sha256" + value: "ed2767829f8545739e9861254cc4c729a43f0e67b981af3102649b4732feaeff" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/ImageMagick-6.9.11.60-1.el8.remi.x86_64.rpm" + filename: "ImageMagick.rpm" + validation: + type: "sha256" + value: "4ac62abc77bf7167252f611c927dfe05cb27e4a3ba3a0d988383d5225b8f0f40" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/ImageMagick-libs-6.9.11.60-1.el8.remi.x86_64.rpm" + filename: "ImageMagick-libs.rpm" + validation: + type: "sha256" + value: "b6dfe99aee70afab8db67e76b32a8da48d9ec90671f4e8c7659fe754d9c4fa9d" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/cairo-1.15.12-3.el8.x86_64.rpm" + filename: "cairo.rpm" + validation: + type: "sha256" + value: "2fcd7a063cab2e103fd4fdf8f4c63d09b9f3d60759c3b0982c75ed9a9e57bdf8" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/LibRaw-0.19.5-2.el8.x86_64.rpm" + filename: "LibRaw.rpm" + validation: + type: "sha256" + value: "b7a990676a9d74f74d368867006b896fac2e3c11f329fd61b81d9c4247d8a13b" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/librsvg2-2.42.7-4.el8.x86_64.rpm" + filename: "librsvg2.rpm" + validation: + type: "sha256" + value: "44f01d59b88bf019a11a25e9c38650d6f6d82abbdd2165783772d7d92c0c97af" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/libtool-ltdl-2.4.6-25.el8.x86_64.rpm" + filename: "libtool-ltdl.rpm" + validation: + type: "sha256" + value: 
"7dcd11f03fa0979841bf0afe0a2ac8f360502d0a2dee8322a39115595c2464ec" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/liblqr-1-0.4.2-11.el8.remi.x86_64.rpm" + filename: "liblqr.rpm" + validation: + type: "sha256" + value: "d79bd08cc0580fa3bd0f1c02c5a523403d8655411b4d7b49f7922963839156f4" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/xorg-x11-fonts-ISO8859-1-100dpi-7.5-19.el8.noarch.rpm" + filename: "xorg-x11-fonts.rpm" + validation: + type: "sha256" + value: "723c0424ce3ec12586d390f2c6d01a2075e9f91543eb5b9a5a998636d49cb3b0" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/php-pecl-igbinary-3.2.1-1.el8.remi.7.4.x86_64.rpm" + filename: "php-pecl-igbinary.rpm" + validation: + type: "sha256" + value: "99ac1ef1f73e9e27a4f4516828852b38e36d86d9225cca56ae885446bba1e7ed" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/php-pecl-msgpack-2.1.2-1.el8.remi.7.4.x86_64.rpm" + filename: "php-pecl-msgpack.rpm" + validation: + type: "sha256" + value: "4eb2366f72a0002e9d2627e5967d45a9125a00641c9fd420c1ec981e4a63d692" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/libmemcached-1.0.18-15.el8.x86_64.rpm" + filename: "libmemcached.rpm" + validation: + type: "sha256" + value: "a98237988be726539deb640103644929fcb0a3ffe5a4fcff1d488b866374b253" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/libraqm-0.7.0-4.el8.x86_64.rpm" + filename: "libraqm.rpm" + validation: + type: "sha256" + value: "c71a88565f0951fac9e9de7ae5f2b5a48aceaf8da6f75d10ebbbb6717bde32fe" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/php-pecl-memcached-3.1.5-1.el8.remi.7.4.x86_64.rpm" + filename: "php-pecl-memcached.rpm" + validation: + type: "sha256" + value: "667abde23582e725e115080de88c92583bce654b0bc0959b841338a0f42dcb0e" + - url: 
"https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/libmemcached-libs-1.0.18-15.el8.x86_64.rpm" + filename: "libmemcached-libs.rpm" + validation: + type: "sha256" + value: "412be2f692dbd7b761ba2cf35f6bbdf5c6af7ad862689f49399e3a176744f870" + - url: "https://gitlab.com/crowdvector/dist/-/raw/master/dependencies/appserver/pango-1.42.4-6.el8.x86_64.rpm" + filename: "pango.rpm" + validation: + type: "sha256" + value: "8246d152767da7e6dd297599ed4c55b8bde2a5c18e54d97a80d44eb3099d6e89" + - url: "https://gitlab.com/crowdvector/dist/-/raw/feature/distribution/docker/appserver/appserver-21.13.tar.gz.aes.tar.gz" + filename: "appserver.tar.gz.aes.tar.gz" + validation: + type: "sha256" + value: "6c9bfeb89ec49580900811d27b9d0fdd9b2238abdd614fcc75d7ffba1642b268" # List of project maintainers maintainers: -- email: "fedramp_admin@collaboration.ai" - name: "Collaboration.Ai" - username: "crowdvector" +- email: "jay@collaboration.ai" + name: "Jay Punnackal" + username: "jpunnackal" cht_member: false - name: "Delali Kwami" username: "kwami.delali" diff --git a/scripts/decrypt.sh b/scripts/decrypt.sh new file mode 100755 index 0000000000000000000000000000000000000000..de00e2a6a8cd1e17d98b338bd6cdbd7c7f9c30ef --- /dev/null +++ b/scripts/decrypt.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env bash + +path=$(pwd) +cd /opt/ignite/ + +if [ -f "appserver.tar.gz.aes" ]; then + # Decrypt and extract source, remove duplicate package files + + echo "Decrypting source..." + openssl aes-256-cbc -md sha256 -d -in appserver.tar.gz.aes -out appserver.tar.gz -k $LICENSE_KEY && rm appserver.tar.gz.aes + + echo "Unpacking source..." + tar -xf appserver.tar.gz && rm appserver.tar.gz + + # Remove duplicate package files + rm composer.json composer.lock +fi + +cd $path + +echo "Starting main process..." +eval $@ diff --git a/scripts/php-fpm-healthcheck b/scripts/php-fpm-healthcheck new file mode 100755 index 0000000000000000000000000000000000000000..b476190f2c7df24645b207fa8f1496d47cc6c2df 
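Review bot: The rewritten `resources:` list now fetches every RPM from `gitlab.com/crowdvector/dist/-/raw/master/...` instead of the CentOS, EPEL and Remi mirrors, and the application archive from the `feature/distribution` branch. The sha256 pins keep the bytes fixed, but for the entries whose hash changed (php-pecl-imagick, ImageMagick, ImageMagick-libs, LibRaw, php-pecl-igbinary, php-pecl-msgpack, php-pecl-memcached) a reviewer can no longer compare the pin against an upstream URL. Keep the upstream URL as a comment beside each entry, or check the package signatures against the imported keys with `rpm --checksig` before the install step. The `fedora.gpg` hash changed while its URL did not, so the new key file should be confirmed against the fingerprints Fedora publishes. Branch refs are mutable, so a tag or commit id in the raw URL would stop a build from breaking when the branch moves.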
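Review bot: The last line of scripts/decrypt.sh, `eval $@`, re-parses the container arguments as shell source, so metacharacters in an argument are interpreted, and php-fpm runs as a child of bash rather than receiving the container's signals itself; `exec "$@"` avoids both. `-k $LICENSE_KEY` is unquoted and puts the passphrase on the openssl command line, where the process list shows it, and an unset key goes undetected. With no `set -e`, a failed decrypt or unpack still ends with php-fpm starting against a missing or partial tree. `-md sha256` without `-pbkdf2` selects OpenSSL's legacy key derivation and CBC provides no integrity check; changing either requires re-encrypting the archive, so the sketch below leaves the cipher options alone.

```shell
#!/usr/bin/env bash
set -euo pipefail

# ... unchanged: path=$(pwd), cd /opt/ignite/, if [ -f "appserver.tar.gz.aes" ]; then ...
  # Fail with a clear message when the key is missing.
  : "${LICENSE_KEY:?LICENSE_KEY must be set to decrypt the application archive}"

  echo "Decrypting source..."
  # Read the passphrase from the environment so it never appears in argv.
  openssl aes-256-cbc -md sha256 -d \
    -in appserver.tar.gz.aes -out appserver.tar.gz \
    -pass env:LICENSE_KEY
  rm -- appserver.tar.gz.aes
# ... unchanged: tar -xf appserver.tar.gz, rm composer.json composer.lock, fi ...

cd "$path"

echo "Starting main process..."
# Replace the shell so php-fpm becomes PID 1 and arguments are not re-parsed.
exec "$@"
```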
--- /dev/null +++ b/scripts/php-fpm-healthcheck 
@@ -0,0 +1,139 @@ +#!/bin/sh +# vim: set filetype=sh : + +# Author: https://github.com/renatomefi +# The original code lives in https://github.com/renatomefi/php-fpm-healthcheck +# +# A POSIX compliant shell script to healthcheck PHP fpm status, can be used only for pinging the status page +# or check for specific metrics +# +# i.e.: ./php-fpm-healthcheck --verbose --active-processes=6 +# The script will fail in case the 'active processes' is bigger than 6. +# +# You can combine multiple options as well, the first one to fail will fail the healthcheck +# i.e.: ./php-fpm-healthcheck --listen-queue-len=10 --active-processes=6 +# +# Ping mode (exit 0 if php-fpm returned data): ./php-fpm-healthcheck +# +# Ping mode with data (outputs php-fpm status text): ./php-fpm-healthcheck -v +# +# Exit status codes: +# 2,9,111 - Couldn't connect to PHP fpm, is it running? +# 8 - Couldn't reach PHP fpm status page, have you configured it with `pm.status_path = /status`? +# 1 - A healthcheck condition has failed +# 3 - Invalid option given +# 4 - One or more required softwares are missing +# +# Available options: +# -v|--verbose +# +# Metric options, fails in case the CURRENT VALUE is bigger than the GIVEN VALUE +# --accepted-conn=n +# --listen-queue=n +# --max-listen-queue=n +# --idle-processes=n +# --active-processes=n +# --total-processes=n +# --max-active-processes=n +# --max-children-reached=n +# --slow-requests=n +# + +set -eu + +OPTIND=1 # Reset getopt in case it has been used previously in the shell + +# Required software +FCGI_CMD_PATH=$(command -v cgi-fcgi) || { >&2 echo "Make sure fcgi is installed (i.e. apk add --no-cache fcgi). Aborting."; exit 4; } +command -v sed 1> /dev/null || { >&2 echo "Make sure sed is installed (i.e. apk add --no-cache busybox). Aborting."; exit 4; } +command -v tail 1> /dev/null || { >&2 echo "Make sure tail is installed (i.e. apk add --no-cache busybox). 
Aborting."; exit 4; } +command -v grep 1> /dev/null || { >&2 echo "Make sure grep is installed (i.e. apk add --no-cache grep). Aborting."; exit 4; } + +# Get status from fastcgi connection +# $1 - cgi-fcgi connect argument +get_fpm_status() { + if test "$VERBOSE" = 1; then printf "Trying to connect to php-fpm via: %s%s\\n" "$1" "$SCRIPT_NAME"; fi; + + # Since I cannot use pipefail I'll just split these in two commands + FPM_STATUS=$(env -i REQUEST_METHOD="$REQUEST_METHOD" SCRIPT_NAME="$SCRIPT_NAME" SCRIPT_FILENAME="$SCRIPT_FILENAME" "$FCGI_CMD_PATH" -bind -connect "$1" 2> /dev/null) + FPM_STATUS=$(echo "$FPM_STATUS" | tail +5) + + if test "$VERBOSE" = 1; then printf "php-fpm status output:\\n%s\\n" "$FPM_STATUS"; fi; + + if test "$FPM_STATUS" = "File not found."; then + >&2 printf "php-fpm status page non reachable\\n"; + exit 8; + fi; +} + +# $1 - fpm option +# $2 - expected value threshold +check_fpm_health_by() { + OPTION=$(echo "$1" | sed 's/--//g; s/-/ /g;') + VALUE_EXPECTED="$2"; + VALUE_ACTUAL=$(echo "$FPM_STATUS" | grep "^$OPTION:" | cut -d: -f2 | sed 's/ //g') + + if test "$VERBOSE" = 1; then printf "'%s' value '%s' and expected is less than '%s'\\n" "$OPTION" "$VALUE_ACTUAL" "$VALUE_EXPECTED"; fi; + + if test "$VALUE_ACTUAL" -gt "$VALUE_EXPECTED"; then + >&2 printf "'%s' value '%s' is greater than expected '%s'\\n" "$OPTION" "$VALUE_ACTUAL" "$VALUE_EXPECTED"; + exit 1; + fi; +} + +PARAM_AMOUNT=0 + +# $1 - fpm option +# $2 - expected value threshold +check_later() { + # The POSIX sh way to check if it's an integer, also the output is supressed since it's polution + if ! 
test "$2" -eq "$2" 2> /dev/null; then + >&2 printf "'%s' option value must be an integer, '%s' given\\n" "$1" "$2"; exit 3; + fi + + PARAM_AMOUNT=$(( PARAM_AMOUNT + 1 )) + + eval "PARAM_TO_CHECK$PARAM_AMOUNT=$1" + eval "VALUE_TO_CHECK$PARAM_AMOUNT=$2" +} + +# From the PARAM_TO_CHECK/VALUE_TO_CHECK magic variables, do all the checks +check_fpm_health() { + j=1 + while [ $j -le $PARAM_AMOUNT ]; do + eval "CURRENT_PARAM=\$PARAM_TO_CHECK$j" + eval "CURRENT_VALUE=\$VALUE_TO_CHECK$j" + check_fpm_health_by "$CURRENT_PARAM" "$CURRENT_VALUE" + j=$(( j + 1 )) + done +} + +if ! GETOPT=$(getopt -o v --long verbose,accepted-conn:,listen-queue:,max-listen-queue:,listen-queue-len:,idle-processes:,active-processes:,total-processes:,max-active-processes:,max-children-reached:,slow-requests: -n 'php-fpm-healthcheck' -- "$@"); then + >&2 echo "Invalid options, terminating." ; exit 3 +fi; + +eval set -- "$GETOPT" + +# FastCGI variables +FCGI_CONNECT_DEFAULT="localhost:9000" +FCGI_STATUS_PATH_DEFAULT="/status" + +export REQUEST_METHOD="GET" +export SCRIPT_NAME="${FCGI_STATUS_PATH:-$FCGI_STATUS_PATH_DEFAULT}" +export SCRIPT_FILENAME="${FCGI_STATUS_PATH:-$FCGI_STATUS_PATH_DEFAULT}" +FCGI_CONNECT="${FCGI_CONNECT:-$FCGI_CONNECT_DEFAULT}" + +VERBOSE=0 + +while test "$1"; do + case "$1" in + -v|--verbose ) VERBOSE=1; shift ;; + --) shift ; break ;; + * ) check_later "$1" "$2"; shift 2 ;; + esac +done + +FPM_STATUS=false + +get_fpm_status "$FCGI_CONNECT" +check_fpm_health